Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
910
Views
0
Helpful
4
Replies

integrating the NM-ESW16 ether-switch network moduel

Areyouserious
Level 1
Level 1

‎11-05-2018 01:24 AM - edited ‎03-05-2019 11:02 AM

Hi everybody.

 

I have a Cisco 2811 router with one Fastethernet L3 port in trunk mode, with sub interfaces, and a switch connected at the end with Vlans set up in another room.

 

 

I had planned to use the gigabit port on a NM-ESW-16 module to create a high speed trunk to this switch, but found out it only works at Layer 2 mode.

 

I need to set up another switch out where the router is, and thought I could use the switch module to create further additional VLAN's on certain ports.

 

Problem is I can't get the ports on the switch module to talk to other networks on the same router.

 

One port that I assigned to VLAN 9 was able to ping its gateway from a PC connected to it but that's it.  The PC can't ping any other IP address or network.  It also can not ping hosts on the other switch mentioned earlier with a trunk connected to it.

 

Just wondering if anyone could help me.

 

Thankyou very much

 

 

 

service password-encryption
!
hostname ROUTER
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip cef
ip dhcp excluded-address 10.1.1.110 10.1.1.250
ip dhcp excluded-address 10.1.3.3 10.1.3.255
ip dhcp excluded-address 10.1.1.1
ip dhcp excluded-address 10.1.2.1
ip dhcp excluded-address 10.1.3.1
ip dhcp excluded-address 10.1.4.1
ip dhcp excluded-address 10.1.5.1
ip dhcp excluded-address 10.1.6.1
ip dhcp excluded-address 10.1.7.1
ip dhcp excluded-address 10.1.8.1
ip dhcp excluded-address 10.1.9.1
ip dhcp excluded-address 10.1.7.2
ip dhcp excluded-address 10.1.9.2
ip dhcp excluded-address 10.1.9.5
ip dhcp excluded-address 10.1.9.1 10.1.9.20
!
ip dhcp pool Telephones
network 10.1.2.0 255.255.255.0
default-router 10.1.2.1
option 150 ip 192.168.17.3
!
ip dhcp pool Level1
network 10.1.5.0 255.255.255.0
default-router 10.1.5.1
dns-server 8.8.8.8
!
ip dhcp pool Accounting
network 10.1.7.0 255.255.255.0
default-router 10.1.7.1
dns-server 8.8.8.8
!
ip dhcp pool cctv
network 10.1.3.0 255.255.255.0
default-router 10.1.3.1
!
ip dhcp pool Reception
network 10.1.9.0 255.255.255.0
dns-server 8.8.8.8
default-router 10.1.9.1
!
!
!
ip name-server 8.8.8.8
ip inspect tcp reassembly alarm on
ip inspect name CCTV tcp audit-trail on
ip inspect name CCTV udp audit-trail on
ip inspect name CCTV rtsp audit-trail on
ip inspect name CCTV icmp audit-trail on
ip inspect name NBN udp audit-trail on
ip inspect name NBN tcp audit-trail on
ip inspect name NBN rtsp audit-trail on
ip inspect name NBN http audit-trail on
ip inspect name NBN https audit-trail on
ip inspect name NBN isakmp audit-trail on
ip inspect name NBN ntp audit-trail on
ip inspect name NBN sip audit-trail on
ip inspect name NBN ssh audit-trail on
ip address-pool dhcp-pool
login block-for 300 attempts 3 within 60
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!


redundancy
!
!
!
!
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 2
crypto isakmp key XXXXXXXXXXXXX address XXX.XXX.XXX.XXX
!
!
crypto ipsec transform-set XXXXXXXXXXXXXX esp-aes esp-sha-hmac
!
crypto ipsec profile IPSEC_PROFILE
set transform-set XXXXXXXXXXXXXXX
!
!
!
!
!
!
!
interface Tunnel0
ip address 172.16.1.2 255.255.255.0
ip virtual-reassembly in
tunnel source XXX.XXX.XXX.XXX
tunnel mode ipsec ipv4
tunnel destination XXX.XXX.XXX.XXX
tunnel protection ipsec profile IPSEC_PROFILE
!
interface FastEthernet0/0
ip address dhcp
ip access-group INTERNATIONAL-BLOCK in
ip nat outside
ip inspect NBN out
ip virtual-reassembly in
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface FastEthernet0/1.1
encapsulation dot1Q 1 native
ip address 10.1.1.1 255.255.255.0
!
interface FastEthernet0/1.2
encapsulation dot1Q 2
ip address 10.1.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface FastEthernet0/1.3
encapsulation dot1Q 3
ip address 10.1.3.1 255.255.255.0
ip inspect CCTV out
ip virtual-reassembly in
!
interface FastEthernet0/1.4
!
interface FastEthernet0/1.5
encapsulation dot1Q 5
ip address 10.1.5.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface FastEthernet0/1.6
encapsulation dot1Q 6
ip address 10.1.0.2 255.255.255.0
ip nat inside
ip virtual-reassembly in
shutdown
!
interface FastEthernet0/1.7
encapsulation dot1Q 7
ip address 10.1.7.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface FastEthernet0/1/0
no ip address
!
interface FastEthernet0/1/1
no ip address
!
interface FastEthernet0/1/2
no ip address
!
interface FastEthernet0/1/3
no ip address
!
interface FastEthernet1/0
switchport access vlan 9
no ip address
vlan-id dot1q 9
exit-vlan-config
!
!
interface FastEthernet1/1
no ip address
!
interface FastEthernet1/2
no ip address
!
interface FastEthernet1/3
no ip address
!
interface FastEthernet1/4
no ip address
!
interface FastEthernet1/5
no ip address
!
interface FastEthernet1/6
no ip address
!
interface FastEthernet1/7
no ip address
!
interface FastEthernet1/8
no ip address
!
interface FastEthernet1/9
no ip address
!
interface FastEthernet1/10
no ip address
!
interface FastEthernet1/11
no ip address
!
interface FastEthernet1/12
no ip address
!
interface FastEthernet1/13
no ip address
!
interface FastEthernet1/14
no ip address
!
interface FastEthernet1/15
no ip address
!
interface GigabitEthernet1/0
no ip address
!
interface Vlan1
no ip address
!
interface Vlan9
ip address 10.1.9.1 255.255.255.0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface FastEthernet0/0 overload

!
ip access-list extended INTERNATIONAL-BLOCK
permit udp any any eq bootpc
permit ip host XXX.XXX.XXX.XXX any
deny ip any any
!
access-list 1 permit 10.1.5.0 0.0.0.255
access-list 1 permit 10.1.9.0 0.0.0.255
access-list 1 permit 10.1.7.0 0.0.0.255
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
banner login ^CAccess to this system is by authorised persons only! All connections are monitored. If you are not authorised disconnect immediately. Offenders will be prosecuted to the full extend of the law.^C
!
line con 0
logging synchronous
login local
line aux 0
line vty 0 4
logging synchronous
login local
transport input ssh
!
scheduler allocate 20000 1000
end

 

 

Labels:
0 Helpful
4 Replies 4

dbeattie
Level 1
Level 1

‎11-06-2018 01:11 AM

It has been a while since I used ESWs, but I seem to remember creating sub-interfaces on the G1/0 interface, which represents the ESW's link to the router backplane. These sub-interfaces sit in VLANs on the ESW, rather like setting up a traditional router-on-a-stick, and will do all of the inter-VLAN routing for you.

 

Hope this helps.

 

Dave

 

0 Helpful

Areyouserious
Level 1
Level 1
In response to dbeattie

‎11-09-2018 12:29 PM

Hi,

 

No the Gig port dosnt appear to support sub interfaces.

 

Can you still connect the EWS's vlans to the routers networks?

0 Helpful

Sam Smiley
Level 3
Level 3

‎11-10-2018 11:08 AM

I would get rid of the sub interfaces on fa0/1 and move them to SVIs. With the NME in a router it is in essence a L3 switch that is capable of full L3 functions. Then you would use the Gigabit interface as a trunk back to your switch. Here is a config from an old 2600 with a NME-16.

 

Cheers,
Sam

Preview file
4 KB
0 Helpful
Customers Also Viewed These Support Documents